Key Takeaways
- Cisco’s Foundation AI team has released a new AI-native cybersecurity model, Foundation-sec-8B-Reasoning, which extends the capabilities of previous models with structured reasoning capabilities.
- The model is purpose-built for cybersecurity workflows and can be applied to various security scenarios, such as threat modeling, attack path analysis, and security architecture review.
- Foundation-sec-8B-Reasoning outperforms larger general-purpose models on multi-step analytical tasks and delivers state-of-the-art performance on vulnerability root-cause mapping and reasoning benchmarks.
- The model is released under an open-weight license, allowing the community to customize, audit, and deploy it securely.
- Foundation-sec-8B-Reasoning can be used to elevate security reasoning, built for security workflows, and provides reasoning that outperforms other models.
Introduction to Foundation-sec-8B-Reasoning
Today marks another milestone in Cisco’s commitment to advancing AI-native cybersecurity. Following the success of Foundation-sec-8B and Foundation-sec-8B-Instruct, the Foundation AI team is proud to announce the public release of Llama-3.1-FoundationAI-SecurityLLM-8B-Reasoning (Foundation-sec-8B-Reasoning), now available on Hugging Face. Foundation-sec-8B-Reasoning is an 8-billion-parameter reasoning model purpose-built for cybersecurity workflows. It extends our Foundation-sec-8B and Foundation-sec-8B-Instruct models with structured reasoning capabilities that allow it to think through complex, multi-step security problems before presenting an answer.
Elevating Security Reasoning
Effective cybersecurity analysis requires deep, multi-layered reasoning. Analysts often need to connect signals across logs, code, configurations, and threat intelligence to identify root causes, predict attacker behavior, and recommend defensive actions. Generic reasoning models can assist, but they may lack the ability to understand the specific logic and structure of security workflows. Foundation-sec-8B-Reasoning bridges that gap by combining instruction-following with explicit reasoning traces. This enables it to explain not only "what" it recommends, but also "why" — helping analysts build trust in AI-assisted decisions.
Built for Security Workflows
Foundation-sec-8B-Reasoning extends Foundation-sec-8B-Instruct with reasoning fine-tuning to deliver domain-specific analytical capabilities across the security lifecycle. The model is built to support security workflows that demand logical reasoning, including tasks like threat modeling, attack path analysis, risk evaluation, and security architecture review. Foundation-sec-8B-Reasoning can be applied directly to a wide range of cybersecurity reasoning scenarios, such as system and configuration analysis, adversary behavior mapping, threat detection and analysis, access and privilege management, and context enrichment and investigation. To explore how Foundation-sec-8B-Reasoning can be applied across real-world security workflows, check out the use case cookbook on our public Github repository.
Reasoning That Outperforms
Foundation-sec-8B-Reasoning establishes a new benchmark for security-specific reasoning, outperforming larger general-purpose models on multi-step analytical tasks. The model uses test-time reasoning to reach higher accuracy on complex questions. It delivers state-of-the-art performance on vulnerability root-cause mapping and reasoning benchmarks while maintaining the compact, deployable 8B footprint. The model’s performance is demonstrated through benchmarking, where it outperforms other models such as Llama 3.1 8B, GPT-5-Nano, and CTI-RCM.
Safe, Open, and Deployable Anywhere
Like the previous Foundation AI models, Foundation-sec-8B-Reasoning is released under an open-weight license, empowering the community to customize, audit, and deploy securely. This allows for innovation, acceleration of deployment, and maintenance of control. The model can be run locally, on-prem, or in air-gapped environments, and it stays compliant by keeping sensitive data within secure environments. Safety remains foundational, and when combined with LlamaGuard, Foundation-sec-8B-Reasoning achieves 98.25% protection on HarmBench.
Getting Started
To start building with Foundation-sec-8B-Reasoning, users can download the weights on Hugging Face and run it on-prem, in secure cloud enclaves, or in air-gapped labs — no commercial agreement required. The Foundation AI Cookbook offers deployment guides, retrieval templates, and agent examples to help users get started. Users can also join the community to pilot new workflows, contribute prompts or fine-tunes, and feed their findings back into the open-source ecosystem. By working together, the community can accelerate the development of AI-native cybersecurity solutions and improve the security posture of organizations worldwide.
